Unfettered Blog

Will a control system cyber security framework really get organizations to collaborate

Electrons do not have organization charts. Neither do hackers. Unfortunately, people and organizations do. As a result of the second utility being willing to engage in an Aurora demonstration project, an issue arose about the cyber security of the devices used in the transformer controls.

NIST Released New Draft Outline of Cyber Standard #pauto #critical-Infrastructure #automation #cybersecurity #hacking

NIST Releases Draft Outline of Cybersecurity Framework for Critical Infrastructure

Who is the greater threat to reliability of the electric grid - NERC or the hackers?

What precipitated this blog was a NERC employee trying to discourage a utility from participating in an Aurora hardware demonstration. Based on the facts below, I would posit that the NERC CIP approach has not improved the reliability of the electric grid from cyber threats and may have actually made...

What does it take to get engineering back into security?

As an engineer, I have been brought up to work with numbers, physics, and logic. As a control systems engineer, I have been brought up to focus on reliability and safety - we want the process to work and not to hurt people.

How can a major SCADA vendor be this clueless

I am aware of a utility having just performed a SCADA upgrade with a major SCADA supplier. The previous version was not secure. Part of the upgrade process was to secure the new version. Following the completion of the upgrade, the vendor is remotely accessing the live SCADA system and...

A major cyber threat to critical infrastructures is from ... the electric utilities

Critical infrastructures include water, oil/gas, pipelines, chemicals, manufacturing, telecommunications, transportation, etc. Their continued operation requires the electric utility industry to be available. However, the electric utility industry is also a cyber threat to all of those end-users. That threat is Aurora.

Even former ex-CIA officers don't understand ICS cyber security

Mark Sparkman is a former senior officer with the CIA's National Clandestine Service, and is now a senior international affairs analyst with the RAND Corporation. He wrote this article: The Real Cyber Threat, for CNN http://www.rand.org/commentary/2013/05/21/CNN.html.

ICS Cyber Security is still not understood by the IT community - and it is hurting critical infrastructure

On May 8, 2013, Cheri McGuire, Symantec's Vice President, Global Government Affairs & Cybersecurity Policy, testified at the Senate Judiciary Subcommittee on Crime and Terrorism hearing. She stated: "In my testimony today, I will provide the Subcommittee with our latest analysis of the threat landscape as detailed in the just-released Symantec...

Medical device and pharmaceuticals - where is ICS cyber security

In December 2011, I attended the POLCYB meeting in Los Angeles. A major pharmaceutical manufacturer attended. The pharmaceutical representative mentioned they had not addressed ICS cyber security as they had simply not considered it and there was no regulatory driver.

Counterfeit exida safety certifications discovered

SELLERSVILLE, PA (May 9, 2013) -- exida, an accredited global Certification Body, has discovered a counterfeit certificate falsely claiming that a product meets the functional safety requirements for Safety Integrity Level (SIL) 3 capable per IEC 61508.